
Thread: ‘AppBuyer’ malware for iOS discovered, affects jailbroken devices

    Posted by Larry-G

    Palo Alto Networks has found and analyzed a new malware for iOS called “AppBuyer” that affects jailbroken iPhone, iPad and iPod touch devices. The malware is designed to steal a user’s Apple ID username and password and upload the information to the attacker’s server, at which point he can download apps from the App Store from that account.


    The malware, classified as a Trojan, works in three steps. First, it downloads an executable file to generate a unique UUID, then it downloads a Cydia Substrate tweak to intercept all HTTP/HTTPS sessions to steal the Apple ID credentials, and last it downloads a fake gzip utility that will log in to the App Store.


    It remains unclear how AppBuyer has been installed onto jailbroken iOS devices, but a handful of possibilities have been outlined. These include installation through a malicious Cydia Substrate jailbreak tweak, such as “Trojan.iOS.AdThief,” hosted in third-party repositories, through other PC malware or through a PC jailbreaking utility.


    AppBuyer was originally brought to light by the WeiPhone Technical Group in May, after they remotely helped a user discover why some apps had periodically been installed onto his jailbroken iPhone. What the group discovered was two malicious files that would download, execute and delete other executable files from the web.


    It is not the first time that jailbroken devices have been victimized by malware. Earlier this year, Palo Alto Networks also discovered AdThief malware that was attempting to steal ad impressions.


    While the team recommends that you refrain from jailbreaking your iPhone, iPad or iPod touch to remain fully secure, it also advises using a tool like iFile or iFunBox to check for any of these files or directories to see if your device is infected by the malware:

    • /System/Library/LaunchDaemons/com.archive.plist
    • /bin/updatesrv
    • /tmp/updatesrv.log
    • /etc/uuid
    • /Library/MobileSubstrate/DynamicLibraries/aid.dylib
    • /usr/bin/gzip

    As the source of these malicious files on jailbroken devices has not been determined, simply removing the above might not be enough to ensure that you are secure. If you do come across any of the files, it would probably be wise to restore your device back to factory default settings through iTunes.


    Palo Alto Networks has also released URL signatures to stop the download of the malicious files mentioned above, and will soon be releasing DNS and IPS signatures as well.

    Source: http://www.iphonehacks.com/2014/09/appbuyer-malware-ios-jailbroken-devices-apple-id.html


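As an added example (not part of Larry-G's post, the iPhoneHacks article, or any Palo Alto Networks tooling), here is the file check from the post as a POSIX shell script. It can be run over SSH on a jailbroken device with root "/", or pointed at the mount point of a copied device filesystem. The function names and the ROOT argument are assumptions made for this example; the six indicator paths are exactly the ones listed in the post.

```shell
#!/bin/sh
# Added example, not from the article or Palo Alto Networks: scan a filesystem
# for the six AppBuyer indicator paths listed in the post.
# Run it over SSH on the jailbroken device (root "/"), or give it the mount
# point of a copied filesystem. Function names and the ROOT argument are
# assumptions made for this example.

APPBUYER_PATHS="
/System/Library/LaunchDaemons/com.archive.plist
/bin/updatesrv
/tmp/updatesrv.log
/etc/uuid
/Library/MobileSubstrate/DynamicLibraries/aid.dylib
/usr/bin/gzip
"

# appbuyer_scan ROOT: print every indicator path that exists under ROOT.
appbuyer_scan() {
    root="${1:-/}"
    # Strip a trailing slash so "/" and "/mnt/dev/" both join cleanly.
    root="${root%/}"
    for p in $APPBUYER_PATHS; do
        if [ -e "$root$p" ]; then
            printf '%s\n' "$root$p"
        fi
    done
}

# appbuyer_hit_count ROOT: number of indicator paths present under ROOT.
appbuyer_hit_count() {
    n=0
    for _hit in $(appbuyer_scan "$1"); do
        n=$((n + 1))
    done
    echo "$n"
}

# appbuyer_report ROOT: human-readable summary. Exit status is 1 if any path
# other than /usr/bin/gzip is present; gzip is installed legitimately by most
# jailbreaks, so its mere presence is only flagged for manual comparison.
appbuyer_report() {
    root="${1:-/}"
    suspicious=0
    for hit in $(appbuyer_scan "$root"); do
        case "$hit" in
            */usr/bin/gzip)
                echo "NOTE   $hit exists; compare it against a known-good gzip" ;;
            *)
                echo "FOUND  $hit"
                suspicious=$((suspicious + 1)) ;;
        esac
    done
    if [ "$suspicious" -eq 0 ]; then
        echo "No AppBuyer-specific files found under $root"
        return 0
    fi
    echo "$suspicious AppBuyer indicator(s) found under $root; restore the device via iTunes"
    return 1
}

# Only run when invoked with a root argument, e.g.: sh appbuyer_check.sh /
if [ -n "${1:-}" ]; then
    appbuyer_report "$1"
fi
```

A hit on /usr/bin/gzip by itself is not conclusive, because the jailbreak bootstrap normally ships a real gzip at that path; the article's point is that AppBuyer replaces it with a fake one, so that file should be compared against a known-good copy rather than treated as infection on its own. Any of the other five paths being present is a genuine indicator, and, as the post says, the right response is a full restore rather than just deleting the files.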
